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Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
eamed patent term adjustment. See 37 CFR 1 .704(b). 

Status 
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2a )□ This action is FINAL. 2b)|3 This action is non-final. 
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closed in accordance with the practice under Ex parte Quayle, 1935 CD. 11, 453 O.G. 213. 
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8) 0 Claim(s) are subject to restriction and/or election requirement. 

Application Papers 
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Applicant may not request that any objection to the drawing(s) be held In abeyance. See 37 CFR 1.85(a). 
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DETAILED ACTION 

1 . This communication is in response to application filed on 23 August 2006 and 20 
October 2006. Claims 1-9 are presented for examination on the merits. 

Priority 

2. Applicant's claim for the benefit of U.S. provisional patent application 60/546194 
filed 23 February 2004 under 35 U.S.C. 1 19(e) is acknowledged. 

Information Disclosure Statement 

3. The information disclosure statement (IDS) was submitted on 23 August 2006. 
The submission is in compliance with the provisions of 37 CFR 1 .97. Accordingly, the 
information disclosure statement is being considered by the examiner. 

Claim Rejections - 35 USC § 101 

4. 35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, macliine, manufacture, or composition of 
matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the 
conditions and requirements of this title. 

5. Claims 1-9 are rejected under 35 U.S.C. 101 because the claimed invention 
is directed to non-statutory subject matter. 

6. Claim 1 recites a method for calculating a one time password but does not 
positively recite a particular machine as performing the method, nor is a physical 
transformation occurring; therefore the claim is ineligible under 35 U.S.C. § 101 . See 
"Interim Examination Instructions for Evaluating Subject Matter Eligibility Under 35 
U.S.C. §101" issued 24 August 2009. The rejection may be overcome by reciting 
physical structure as performing one of the method steps (such as "concatenating, by a 
computer, a secret with a count"). 
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7. Claims 2 and 6 recite metliods for authenticating a request for access to a 
resource but do not positively recite a particular machine as performing the method, nor 
is a physical transformation occurring; therefore the claim is ineligible under 35 U.S.C. § 
101 . In the broadest reasonable interpretation the authentication server could be extra- 
solution activity. See "Interim Examination Instructions for Evaluating Subject Matter 
Eligibility Under 35 U.S.C. §101" issued 24 August 2009. The rejection may be 
overcome by reciting physical structure as performing one of the method steps (such as 
"retrieving, by the authentication server..."). 

8. Claims 3-5 are also rejected as being dependent upon claim 2 

9. Claims 7-9 are also rejected as being dependent upon claim 6. 

Claim Rejections - 35 USC § 103 

1 0. The following is a quotation of 35 U.S.C. 1 03(a) which forms the basis for all 

obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or deschbed as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

1 1 . Claims 1-9 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Matyas Jr. et al. (U.S. Patent 5,953,420, hereinafter referred to as IVIatyas) in view 
of Newcombe (U.S. Patent PG Publication 2003/0172269, now U.S. Patent 
7,392,390, hereinafter referred to as Newcombe). 

12. As per claim 1 

Matyas explicitly discloses concatenating a secret with a count (Abstract, 2:29- 
49, 5:17-31,5:39-59) 
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Matyas explicitly discloses the count number that increases monotonically 
(Figure 4, 5:17-25) 

Matyas explicitly discloses the count number that increases monotonically with 
the number of One Time Passwords generated and increases monotonically at the 
authentication server with each calculation at the authentication server of a One Time 
Password (Figure 4, 5:17-25) 

Matyas does not explicitly disclose a token or where the secret is uniquely 
assigned to token and is shared between the token and an authentication server. 
Newcombe teaches a token and a method of assigning a secret to a ticket (similar to a 
token) (0058. 0064-0066, 0068, 0072, 0091) 

It would have been obvious to one of ordinary skill in the art at the time of the 
invention to combine the method for establishing an authenticated shared secret value 
between a pair of users of Matyas with the method for binding Kerberos style 
authenticators to single clients of Newcombe for the purpose of enabling improved 
authentication in a distributed environment. 
13. As per claim 2 

Matyas explicitly discloses receiving a request for authentication (2:35-57, 5:1- 
10, 5:46-59, 7:25-37) 

Matyas explicitly discloses concatenating a secret with a count (Abstract, 2:29- 
49, 5:17-31,5:39-59) 

Matyas explicitly discloses calculating the one time password based on count 
values and the secret (Figure 4, 5:17-25) 
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Matyas explicitly discloses retrieving a count (5:46-59) 

Matyas explicitly discloses retrieving a secret (6:62-65) 

Matyas explicitly discloses comparing the calculated one time password with the 
received one time password (6:45-61) 

Matyas explicitly discloses that if the calculated and received password match 
that the request is authenticated (6:45-61). 

Newcombe teaches a serial number uniquely associated with a token (IP 
address, 0025) 

Newcombe teaches a personal identification number associated with a user 
(password, 0057-58, 0065-0067) 

Newcombe does not explicitly teach incrementing the count and recalculating; 
However Newcombe teaches a window of acceptable values for time with which 
recalculation can occur and authenticate the client (0059, 0068, 0070, 0097). Thus a 
predictable result {KSR International Co. v. Teleflex Inc., 82 USPQ2d 1385 (U.S. 2007)) 
of Matyas and Newcombe would be to substitute the count value for the time value, 
perform the incrementing of the count and recalculate to determine if the count was 
acceptable for the purpose of enabling improved authentication in a distributed 
environment. 

14. As per claims 3 and 7 

Newcombe teaches an SHA-1 hash function (0029-0030, 0068, 0103) 

15. As per claims 4 and 8 

Newcombe teaches a symmetric key (0028, 0032). 
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16. As per claims 5 and 9 

Newcombe teaches "an acceptable time window" which would encompass a 
predetermined number of times for authentication (0059, 0068, 0070, 0097). 

17. As per claim 6 

Matyas explicitly discloses receiving a request for authentication (2:35-57, 5:1- 
10, 5:46-59, 7:25-37) 

Matyas explicitly discloses concatenating a secret with a count (Abstract, 2:29- 
49, 5:17-31,5:39-59) 

Matyas explicitly discloses calculating the one time password based on count 
values and the secret (Figure 4, 5:17-25) 

Matyas explicitly discloses retrieving a count (5:46-59) 

Matyas explicitly discloses retrieving a secret (6:62-65) 

Matyas explicitly discloses comparing the calculated one time password with the 
received one time password (6:45-61) 

Matyas explicitly discloses that if the calculated and received password match 
that the request is authenticated (6:45-61). 

Newcombe teaches a username (user account) associated with a user (0058, 
0060, 0062-0063, 0066) 

Newcombe teaches a personal identification number associated with a user 
(password, 0057-58, 0065-0067) 

Newcombe does not explicitly teach incrementing the count and recalculating; 
However Newcombe teaches a window of acceptable values for time with which 
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recalculation can occur and authenticate the client (0059, 0068, 0070, 0097). Thus a 
predictable result {KSR International Co. v. Teleflex Inc., 82 USPQ2d 1385 (U.S. 2007)) 
of Matyas and Newcombe would be to substitute the count value for the time value, 
perform the incrementing of the count and recalculate to determine if the count was 
acceptable for the purpose of enabling improved authentication in a distributed 
environment. 

Please note : 

A recitation of the intended use of the claimed invention must result in a 
structural difference between the claimed invention and the prior art in order to 
patentably distinguish the claimed invention from the prior art. If the prior art structure is 
capable of performing the intended use, then it meets the claim. 

Applicant(s) are reminded that optional or conditional elements do not narrow the 
claims because they can always be omitted. See e.g. MPEP §2106 II C: "Language 
that suggest or makes optional but does not require steps to be performed or does not 
limit a claim to a particular structure does not limit the scope of a claim or claim 
limitation. [Emphasis in original.]"; and In re Johnston, 435 F.3d 1381, 77 USPQ2d 
1788, 1790 (Fed. Cir. 2006) ("As a matter of linguistic precision, optional elements do 
not narrow the claim because they can always be omitted."). 

Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to JAMES D. NIGH whose telephone number is (571)270- 
5486. The examiner can normally be reached on Monday-Thursday 6:45-5:15. 
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If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Calvin L. Hewitt II can be reached on 571-272-6709. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

/JAMES D NIGH/ 
Examiner, Art Unit 3685 

/Calvin L Hewitt 11/ 

Supervisory Patent Examiner, Art Unit 3685 



